ZDI-CAN-18255: Adobe Digital Editions PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-21582

7.8HIGH

Key Information:

Vendor: Adobe
Status: Digital Editions
Vendor: CVE Published:; 12 April 2023

What is CVE-2023-21582?

Adobe Digital Editions versions prior to 4.5.11.187303 are impacted by an out-of-bounds write vulnerability. This flaw could enable attackers to execute arbitrary code within the user’s context. Exploiting this vulnerability necessitates user interaction, as a malicious file must be opened by the victim to trigger the attack. It's essential for users to remain vigilant and update their software to mitigate potential security risks.

Affected Version(s)

Digital Editions <= 4.5.11.187303

Digital Editions <= unspecified

References

https://helpx.adobe.com/security/products/Digital-Edition...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2023
Vulnerability Reserved
Dec 1, 2022